Ubuntu 754-1: ClamAV vulnerabilities

    Date 07 Apr 2009
    167
    Posted By LinuxSecurity Advisories
    It was discovered that ClamAV did not properly verify its input whenprocessing TAR archives. A remote attacker could send a specially craftedTAR file and cause a denial of service via infinite loop.
    ===========================================================
    Ubuntu Security Notice USN-754-1             April 07, 2009
    clamav vulnerabilities
    https://launchpad.net/bugs/354190
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 8.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 8.10:
      libclamav5                      0.94.dfsg.2-1ubuntu0.2
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    It was discovered that ClamAV did not properly verify its input when
    processing TAR archives. A remote attacker could send a specially crafted
    TAR file and cause a denial of service via infinite loop.
    
    It was discovered that ClamAV did not properly validate Portable Executable
    (PE) files. A remote attacker could send a crafted PE file and cause a
    denial of service (divide by zero).
    
    
    Updated packages for Ubuntu 8.10:
    
      Source archives:
    
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.2.diff.gz
          Size/MD5:   159494 569d83469ec4c0c095e086b96ff93a3e
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.2.dsc
          Size/MD5:     1507 50f4ad487c539c33097493adde678bbc
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2.orig.tar.gz
          Size/MD5: 22073819 7b45b0c54b887b23cb49e4bff807cf58
    
      Architecture independent packages:
    
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.94.dfsg.2-1ubuntu0.2_all.deb
          Size/MD5: 19497370 29b64e7342a2da826028fcd2d211c180
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.94.dfsg.2-1ubuntu0.2_all.deb
          Size/MD5:  1077536 9dade9b20e2af72ab729f822a45ae620
        https://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.94.dfsg.2-1ubuntu0.2_all.deb
          Size/MD5:   208252 185ffe0740b4452c30ff71f15f3acecd
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.2_amd64.deb
          Size/MD5:   239812 d419a6a86bfed53b8c65de72018cf2be
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.2_amd64.deb
          Size/MD5:   915298 f142f24d6536475da4f2e4c61c29668f
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.2_amd64.deb
          Size/MD5:   255646 d059cb2af281f852f6d4631dbf23d956
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.2_amd64.deb
          Size/MD5:   235798 b42f6048c8c8c0a325ffafb6adc743a8
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.2_amd64.deb
          Size/MD5:   574076 58ed72c648459676b3ca0b80bf292c72
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.2_amd64.deb
          Size/MD5:   538786 baf0e94e72890b13a55e5a85240adcdd
        https://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.2_amd64.deb
          Size/MD5:   232880 aae5790414af14016065fc641c5d0103
    
      i386 architecture (x86 compatible Intel/AMD):
    
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.2_i386.deb
          Size/MD5:   233350 8dab9e16b38722e0915b2c0bff509d57
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.2_i386.deb
          Size/MD5:   849252 20380bf3aa97e511e8d5846b48cce4e3
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.2_i386.deb
          Size/MD5:   253896 168c66b29f99e32e310c95232a335caf
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.2_i386.deb
          Size/MD5:   232884 ff274f6cfb81c7317e8dc6185e3b99e2
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.2_i386.deb
          Size/MD5:   542018 90aa265556942f7e385ff8efd1d90378
        https://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.2_i386.deb
          Size/MD5:   524704 5a5769d3dcafc905cf2566b455a66055
        https://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.2_i386.deb
          Size/MD5:   229422 24ca2a59a498fcd1f0facd82a230382e
    
      lpia architecture (Low Power Intel Architecture):
    
        https://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.2_lpia.deb
          Size/MD5:   232896 a7c1b915398100aae59e78196d88993d
        https://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.2_lpia.deb
          Size/MD5:   866776 a0028dcb322e704271d64887c27298c3
        https://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.2_lpia.deb
          Size/MD5:   253922 e3eb70eb180f016131aa58b42c07d30f
        https://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.2_lpia.deb
          Size/MD5:   232420 9684e4007d9b666997f952c412bc6bad
        https://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.2_lpia.deb
          Size/MD5:   544010 15cebc737098bee5f8f29cea2f2ce926
        https://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.2_lpia.deb
          Size/MD5:   527298 94c4332c8aafbd271ccf852e6e39f81f
        https://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.2_lpia.deb
          Size/MD5:   229436 82e0002dafa432c7ba9cf3599f06c8a6
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        https://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.2_powerpc.deb
          Size/MD5:   243080 12f136c1c63f192fcd10ba1be9ee9388
        https://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.2_powerpc.deb
          Size/MD5:   903752 c1b8337a7907aff23b2d906a96d7ed2e
        https://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.2_powerpc.deb
          Size/MD5:   258406 b0b4ccab674564620c7d5cfb3ff1bf4b
        https://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.2_powerpc.deb
          Size/MD5:   240432 d701e42128b81fc59d097bd0bd630d5d
        https://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.2_powerpc.deb
          Size/MD5:   614092 53784edb59531d11ad1061fed69f1416
        https://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.2_powerpc.deb
          Size/MD5:   555154 1367903a35abb12629e888a349e09c1f
        https://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.2_powerpc.deb
          Size/MD5:   232982 78c674f2eb6be9553d6095c51a9b94fb
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        https://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1ubuntu0.2_sparc.deb
          Size/MD5:   232896 c7efef059d819f94201ce83033ac18b1
        https://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1ubuntu0.2_sparc.deb
          Size/MD5:   836434 fbe2ff2c6d676fc07b7c2ed6622dd111
        https://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1ubuntu0.2_sparc.deb
          Size/MD5:   253176 9fa78256318e53cb80ae25083d9542e6
        https://ports.ubuntu.com/pool/main/c/clamav/clamav_0.94.dfsg.2-1ubuntu0.2_sparc.deb
          Size/MD5:   233292 7e71e6dae6924f5ec8ee5073307c6157
        https://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1ubuntu0.2_sparc.deb
          Size/MD5:   577972 c314d733cc7d2e1e7126306621051a32
        https://ports.ubuntu.com/pool/main/c/clamav/libclamav5_0.94.dfsg.2-1ubuntu0.2_sparc.deb
          Size/MD5:   543722 47a3c931269cec8100eb3996dfa3c2fd
        https://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.94.dfsg.2-1ubuntu0.2_sparc.deb
          Size/MD5:   230372 53641460c0f848902ed9d300443fbadd
    

    LinuxSecurity Poll

    Do you feel that the Lawful Access to Encrypted Data Act, which aims to force encryption backdoors, is a threat to US citizens' privacy?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/30-do-you-feel-that-the-lawful-access-to-encrypted-data-act-which-aims-to-force-encryption-backdoors-is-a-threat-to-privacy?task=poll.vote&format=json
    30
    radio
    [{"id":"106","title":"Yes - I am a privacy advocate and I am strongly opposed to this bill.","votes":"19","type":"x","order":"1","pct":95,"resources":[]},{"id":"107","title":"I'm undecided - it has its pros and cons.","votes":"1","type":"x","order":"2","pct":5,"resources":[]},{"id":"108","title":"No - I support this bill and feel that it will help protect against crime and threats to our national security. ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.